Description

This article describes how to transfer an existing FortiToken binded to a user to another new unit(still the same user).

Scope

FortiAuthenticator.

Solution

Important Notes.
The FortiToken transferred to another unit while still under the same user account.

To transfer to another different user, delete the FortiToken from FortiAuthenticator and reassign it.
The following is the Network topology; in this scenario, the Port Forwarding had already been done on the FortiGate and focus on the FortiAuthenticator configuration.

1. Login to the FortiAuthenticator from GUI. Go to System -> Administration -> Public IP/FQDN for FortiToken Mobile -> Public IP + FortiAuthenticator port forwarding port.

2. Enable the FortiToken Transfer feature:Go to Authentication -> User Account Policies -> Tokens -> FortiToken Mobile Transfer and enable the FortiToken transfer feature.

3.  Enable the FortiToken transfer service on the FortiAuthenticator interface (the interface which holding the FortiAuthenticator IP after port forwarding). Go to System -> Network -> Interface -> Edit interface and enable 'Fortitoken Mobile API'.

 

 

4.  Select 'Transfer Tokens from the Mobile': Go to Info -> Transfer Tokens.

 

 

 

 

5. Select FortiToken to Transfer: Select Fortitoken and select 'OK' for acknowledgement.

 

 

6. The FortiToken transfer request will be received from a specific source IP address (the Fortitoken Mobile public IP). Refer to the sample log above.

 

 

 

7. The activation message and QR code will be sent to the respective email address configured under the user account assigned to this FortiToken mobile.

 

 

 

8. An email to reactivate the FortiToken mobile again on the other new unit will be received.

Related article:

Technical Tip: FortiToken Push on FortiAuthenticator - operation flow and details

Troubleshooting Tip: FortiToken Mobile push notification issue